Technical Docs
Search…
⌃K

Authentication

Suggestic supported authentication methods
Our GraphQL API currently supports 2 authentication methods that you can use depending on your case and needs, JWT Authentication and Basic API Token Authentication.

JWT Authentication

Use JWT to implement the client-side authentication system only
This method requires a valid user and password and returns a JWT that can be used to consume the GraphQL API.
post
https://production.suggestic.com
/api/v1/login
Once this request is sent, the following information is displayed:
Response
{
"email": "[email protected]",
"name": "lili",
"phone": "",
"user_id": "<user_id>",
"is_premium": false,
"birthdate": null,
"avatar": null,
"token": "<token>",
"refresh_token": "<refresh_token>",
"hashed_email": "59184e9bf7b070d500629ae7410aa1bce18ef6bf98655af15dbadadb58e1f137",
"program_id": "<program_id>",
"show_program_view": true,
"transaction_provider": "",
"transaction_duration": "",
"transaction_price": 0,
"profile_id": "<profile_id>"
}

How to use a Bearer Authentication within graphQL

Once you login, open your Grapqhl Playground, in the authentication section add the following header
HTTP HEADERS
{
"Authorization": "Bearer <insert_your_token_here>"
}
When a JWT authentication is used in GraphQL, it is not required to add the sg-user header.
For example:
The following query retrieves the information of a meal plan by giving the bearer token

cURL Request with Bearer token

The bearer token is sent to the server with the 'Authorization: Bearer {token}' authorization header.
In the following example, we are getting the shopping list request.
cURL Request
curl -XPOST 'https://production.suggestic.com/graphql' \
-H 'Authorization: Bearer <insert_your_bearer_token_here>' \
-H 'Content-Type: application/json' \
--data-raw '{"query":"{\n shoppingList { edges {node {ingredientLine quantity aisleName recipeName isDone unit databaseId errors } } }}"}'
cur

API Token Authentication

Use the API authorization token provided on server-side applications only
Use this authentication method to access the API "on behalf" of your users.
To use this method you require a valid API token and a user's id. Add these to a custom HTTP Header as shown below.
post
https://production.suggestic.com
/graphql
Do not use the provided token on client-side authentication. If so, please request a new token.

Clients/Partners API Token

Partners/clients which have an isolated database will need to authenticate by using a different HTTP header named Suggestic-Partner. Use it as it is explained below:
HTTP Header
{
"Authorization": "Token <TOKEN>",
"Suggestic-Partner":"<PARTNER-SLUG>"
}

Examples

cURL Example

To query GraphQL using cURL, make a POST request with a JSON payload. The payload must contain a string called query:
Query
Response
curl 'https://staging.suggestic.com/graphql' -XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Token 7b9f6fd852faba099be1984c97124b7f8d776f26' \
-H 'sg-user: e084268c-5487-4f35-9d74-9ce41de3992b' \
-d '{"query": "{ myProfile { id programName } }"}'
{
"data": {
"myProfile": {
"id": "e084268c-5487-4f35-9d74-9ce41de3992b",
"programName": "Anti-Inflammatory Diet"
}
}
}
Note: The string value of "query" must escape newline characters or the schema will not parse it correctly. For the POST body, use outer double quotes and escaped inner double-quotes.
If you need to use your partner/client header, use the following cURL
Example
curl -XPOST 'https://production.suggestic.com/graphql' \
-H 'Authorization: Token <API-Token>' \
-H 'SG-User: <user-id>' \
-H 'Suggestic-Partner: <PARTNER-SLUG>' \
-H 'Content-Type: application/json' \

Python Example

import requests
# HTTP Headers including sg-user for especific user context
headers = {
"Authorization": "Token 7b9f6fd852faba099be1984c97124b7f8d776f26",
"sg-user": "e084268c-5487-4f35-9d74-9ce41de3992b"
}
# GraphQL query
query = """{ myProfile { id programName } }"""
# Make request
r = requests.post(
"https://staging.suggestic.com/graphql",
headers=headers,
json={"query": query}
)
# print json response
print(r.json())
If you need to use your partner/client header, replace sg-user with the Suggestic-Partner information